1. Field of the Invention
The present disclosure pertains generally to secure communications and more particularly to a system and a method for providing end-to-end security for communications over a communication network such as the Internet without the need for further encryption protocols by communicating within a top level domain.
2. Description of the Related Art
Typically, individuals and many small businesses use an Internet Service Provider (ISP) for email and Internet access. The ISP usually issues the domain name and assigns IP addresses. Rather than using an ISP, more and more businesses are desiring to have more choices and control over their domain names. Additionally, many businesses prefer to run their own messaging servers in order to have increased functionality and control. While exercising such control provides increased functionality and control, security remains an ongoing concern for individuals and businesses alike. This concern for security is particularly acute in the world of healthcare, comprised of an independent collection of organizationally independent constituents, such as: hospitals, healthcare enterprises; physicians (group or small practices) and clinics; patients and consumers; payors and government (Medicare, Medicaid, etc.); pharmacies and other suppliers; home health agencies; knowledge sources and educational institutions. These constituents work together in highly dynamic relationships. As such, these constituents must share highly confidential information to conduct complex processes (e.g. surgical procedures, radiology exams, lab tests, prescription fulfillment and others).
Current methods of providing safe communication over networks for data and telecommunication often involve PKI (Public Key Infrastructure) solutions for information encryption, signing or authentication wherein one secret code or a public key is used to firstly encrypt pieces of data and another private code or key is utilized to decode the encrypted data. Such solutions principally involve a CA (Certification Authority), i.e. a trusted certificate provider, who verifies the identity of the holder of the private key and issues a secret code or key directly to an authorized client, user, and providing a public code or key in a directory or the like for collection when required for ensuring an authority, for example when a client, user, attempts to access specific locations, services or applications on the network where an authorization check is performed for maintaining a preset level of security.
A problem with utilizing PKI through an integrated platform at the client location as commonly accomplished, originates in the inflexibility and vulnerability of the security system configuration as a whole, among other matters referring to the access site-dependency i.e. in the case where a request to enter a secure network location, application or service fulfills the requirements for access granting, the requisites for providing access are previously distributed and stored locally in a secure device e.g. on a smart card or equivalent token, or in a protected area e.g. on a computer hard disc, a local server or the like local storage media often in the form of digital signatures and cryptographic keys embedded in an electronic document, protocol or script file. Whenever the requisites are stored locally in a protected area, access to this specific location subsequently also may be granted from a variety of different locations and computers depending on different accessing locations of the same authorized client, the same amount of possible unauthorized entryways exist to that secure network domain since such accessing information always will be downloaded and stored on media relating to respective new entryway. It could hence possibly be quite easy for an unauthorized entity to utilize such downloaded and locally stored access information to entry locations in what is called “secure” domains or for creating false access credentials. When the requisites are stored in a secure device, the access point to that device often is non-secure, e.g. through connection with the computers operating system or non-secure device drivers, subsequently causing analogous non-security considerations as with storing requisites in local storage media. Moreover there is a possibility that such accessing information, after being issued to a client by a CA, either is monitored or in some other way directly or indirectly intercepted by an unwanted entity seeking to force entry and manipulate contents in a secure location on the network.
Other problems relating to PKI authentication can also involve having to provide electronic authentication hardware or the like to a client following an access request and registration to a secure domain environment, representing a timely, costly and inflexible means of ensuring an authority for both the access seeking client and the administrator of the secure domain.
The above mentioned shortcomings with PKI security solutions, as currently mostly utilized, also constitutes a problem in the electronic communication between different trusted parties, for example between banks, each requiring a certain degree of network domain security and where one or several of the banks are CA to their clients and possibly may not trust each others network security solutions nor be able to issue guarantees based on others CA-policies. The level of security for accessing the network in one of the banks may for example not reach a certain set security standard as claimed by another bank, maybe for marketing purposes, making such a claim more or less useless when, for example, electronic transactions between these two banks are to be executed or mainly when establishing a network connection between the banks altogether, through which an unauthorized entry then is more easily achievable via the lower level security system into the higher security level system.
Since most banks and other like corporations and public authorities, which utilize networks for data and telecommunications as a means for communicating information provision and financial transactions to attract and keep clients by means of presenting the most safe and secure network environment on the market for such activities, problems of mistrust and network security divergences in the association between companies are still to be solved.
There could also be compatibility problems between different potent network security solutions in companies wanting to cooperate with each other, wherein such problems would be difficult, costly and time-consuming to overcome with an overall maintained high level of security without making major changes to at least one of the companies network security structure.
There is hence a need for a network security solution, that maximizes security in a user transparent way.